http://sn.1w6.org/file/bobjonkman-20140226T175148-9bsethz.html
Things I teach people: 1) Use a password manager. 2) If you don't use a password manager, choose a long, memorable phrase. The longer, the better. 2a) Make it easily typeable. I know people who have strong, long passwords, but can't remember how to type them. As Schneier points out, PW cracking tools try variations on 1337$p34|< anyway, so funny symbols don't add much protection. 2b) Write it down, and keep it where you keep your money. If your password is protecting $10 worth of data, keep it in your wallet. If your password is protecting $10,000 worth of data then keep it in a safe. !Security